MozillaFirefox: Security update to 10.0.1
MozillaFirefox was updated to 10.0.1 to fix critical bugs
and security issue.
Following security issue was fixed: CVE-2012-0452: Mozilla
developers Andrew McCreight and Olli Pettay found that
ReadPrototypeBindings will leave a XBL binding in a hash
table even when the function fails. If this occurs, when
the cycle collector reads this hash table and attempts to
do a virtual method on this binding a crash will occur.
This crash may be potentially exploitable.
Firefox 9 and earlier are not affected by this
vulnerability.
https://www.mozilla.org/security/announce/2012/mfsa2012-10.h
tml
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5799
Fixed bugs
bnc#746616
VUL-0: CVE-2012-0452 MozillaFirefox: use-after-free in nsXBLDocumentInfo::ReadPrototypeBindings (MFSA 2012-10)
CVE#CVE-2012-0452
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger fail
